With the expansion and refinement of network services, all kinds of applications emerge one after another. Before a user terminal accesses a network, some network parameters necessary to the network must be obtained. Some users obtain network configuration parameters such as an Internet Protocol (IP) address, a Domain Name Service (DNS) and a gateway through a Dynamic Host Configuration Protocol (DHCP), and some user terminals manually set the network configuration parameters such as the IP address, the DNS and the gateway to access the network. The user terminals that manually set the IP are also called static users.
Currently, when a static user is deployed on a Broadband Network Gateway (BNG), an authentication method generally used is to authenticate by binding user Virtual Local Area Network (VLAN) information or binding user Media Access Control (MAC). Since there is no secure authentication protocol interaction, circuit information of a legal static user is easy to be simulated (simulating the same VLAN, the same MAC, and the like) by an illegal user to trigger online to affect the service use of the legal user and damage the benefits of the legal user; therefore, such an authentication manner is often poor in security, furthermore, wireless accesses such as Wireless Fidelity (Wi-Fi) is increasingly popular today, and the static user has a growing requirement on the reliability and convenience of the access mode, for example, the access manners for the backup of Wireless Local Area Network (WLAN) access and fixed-line, such as optical fibre, is required to enhance the reliability of the network. Furthermore, the WLAN access manner may better simplify the access way to reduce the access cost and bring a removable good experience to the user. A traditional static user access manner is a circuit authentication manner, which requires to check and define the access circuit of the static user, tedious configurations such as the MAC address, IP address and access circuit, user account and key of the static user have to be configured on BNG equipment, thus increasing the complexity of maintenance and not supporting an extended authentication method with high security requirement and a two level security tunnel of the user, also limiting the mobility of the user in a WLAN scenario (such as drifting and roaming on different circuits managed by the BNG), furthermore, when it is applied in a WLAN network, the problem of the air interface data security is difficulty to be solved.
Therefore, there are problems of low security and poor mobility in authentication on the static user accessing the network in the related art.